Checking TLS-Cert-* and and accept/reject based on them

Axel Thimm Axel.Thimm at
Thu Aug 29 15:25:28 CEST 2013

On Thu, Aug 29, 2013 at 02:12:35PM +0100, Phil Mayers wrote:
> Otherwise, you could look at the "verify { }" stanza of the "tls {
> }" block in eap.conf; this allows you to run an external script once
> you've got the client cert, and there you can write any code you
> want to access the various issuer/subject fields.

Thanks, I'm already using it for other purposes. But do I have the
request data at hand to check for the requested SSID?

Or is there a way to set variables in this script to check later in
the authorize section's modules (with an exec script)?
Axel.Thimm at

More information about the Freeradius-Users mailing list